phpsysinfo 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk csrf and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-49006 | Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. | [email protected] | 6.5 | 0.52% | 2023-12-19 | 2024-11-21 |
| CVE-2007-4048 | Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | [email protected] | 4.3 | 1.32% | 2007-07-30 | 2026-04-23 |
| CVE-2006-3360 | Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. | [email protected] | 5.0 | 5.37% | 2006-07-06 | 2026-04-16 |
| CVE-2005-3348 | HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. | [email protected] | 4.3 | 1.98% | 2005-11-18 | 2026-04-16 |
| CVE-2005-0870 | Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. | [email protected] | 4.3 | 3.72% | 2005-05-02 | 2026-04-16 |
| CVE-2005-0869 | phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. | [email protected] | 5.0 | 1.41% | 2005-05-02 | 2026-04-16 |
| CVE-2003-0536 | Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters. | [email protected] | 3.6 | 1.47% | 2003-08-18 | 2026-06-16 |